先决条件
- Chef Sever 运行在与节点/工作站托管在同一隔离网络上的虚拟机上
- 网络确实需要代理才能与互联网上的服务进行通信
问题
在 Windows 上引导特定节点后尝试运行“chef-client”会导致:-
knife winrm <machine> chef-client -m -x <user> -P <password> --verbose
[2017-03-15T07:48:28+00:00] INFO: *** Chef 12.19.36 ***
[2017-03-15T07:48:28+00:00] INFO: Platform: x64-mingw32
[2017-03-15T07:48:28+00:00] INFO: Chef-client pid: 16184
[2017-03-15T07:48:50+00:00] INFO: Client key C:\chef\client.pem is not present - registering
[2017-03-15T07:48:50+00:00] ERROR: Running exception handlers
[2017-03-15T07:48:50+00:00] ERROR: Exception handlers complete
[2017-03-15T07:48:50+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
[2017-03-15T07:48:50+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-03-15T07:48:50+00:00] FATAL: NoMethodError: undefined method `closed?' for nil:NilClass
Did you mean? clone
正确的是,它没有找到 client.pem 并且是第一次使用验证器,但是在阅读堆栈跟踪后,我可以看到根本原因是机器无法从 Chef 服务器获取私钥。见下文:-
>>>> Caused by Net::HTTPServerException: 407 "Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )"
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:120:in `error!'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:129:in `value'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:920:in `connect'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:852:in `start'
C:/opscode/chef/embedded/lib/ruby/2.3.0/net/http.rb:1398:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http/basic_client.rb:70:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:340:in `block in send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:372:in `block in retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `loop'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:370:in `retrying_http_errors'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:333:in `send_http_request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:148:in `request'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/http.rb:131:in `post'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:96:in `create'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:87:in `create_or_update'
C:/opscode/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36-universal-mingw32/lib/chef/api_client/registration.rb:58:in `run'
我尝试了什么?
手动创建并从 Chef 服务器下载私钥 - 稍后仍会收到 407。这让我相信实际上存在一些代理问题,但是我能够从节点与 Chef 服务器正常通信
我已使用域 Controller 的凭据运行 WinRM 命令,因此我确信不存在权限缺失问题,并且已在节点上启用了以下 WinRM 设置。
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig -transport:http
cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}
cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="3000"}
cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}
cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"}
cmd.exe /c netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
更新在计算机本地运行 Chef 客户端,甚至不使用 WinRM 也会导致相同的错误。 将 WinRM 设置和命令留在帖子中以供历史引用
Knife .rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin_user.pem"
validation_client_name 'org-validator'
validation_key "#{current_dir}/org-validator.pem"
chef_server_url "https://chef.fqdn/organizations/org"
cookbook_path ["#{current_dir}/../cookbooks"]
由引导进程创建的Client.rb
log_level :info
log_location STDOUT
chef_server_url "https://chef.fqdn/organizations/org"
validation_client_name "org-validator"
file_cache_path "c:/chef/cache"
file_backup_path "c:/chef/backup"
cache_options ({:path => "c:/chef/cache/checksums", :skip_expires => true})
# Using default node name (fqdn)
trusted_certs_dir "c:/chef/trusted_certs"
值得注意的是,我在网络上的任何其他计算机上都没有遇到此问题。我正在努力从 Chef 客户端或 Chef 服务器找到更多调试信息。
回答
正如接受的答案中提到的,机器在 Windows 环境变量中设置了 HTTP_PROXY, Chef 可以识别并尝试使用。解决方案是将 no_proxy 添加到 client.rb 或删除 HTTP_PROXY 环境变量。
no_proxy 'chef.fqdn'
最佳答案
如果 Chef 不需要代理,请取消设置代理环境变量或适当设置 no_proxy。
关于chef-infra - Windows 上的 Chef-client 因 NoSuchMethodError 失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42804089/